DataBreachToday.com

Lytical Ventures' Taylor Margot on Autonomous Agents and New AI Defenses
As AI shifts toward autonomous agents, organizations face growing exposure from third-party systems. Strong permissioning, data orchestration and new defenses are essential to protect against opaque and potentially costly security risks, said Taylor Margot, partner at Lytical Ventures.

At Least 918K Affected in 2024 BianLian Data Theft Attack
A New York-based pediatric practice and its managed services vendor have agreed to pay $5.15 million to settle a proposed class action lawsuit stemming from a 2024 data theft attack affecting more than 918,000 people and allegedly carried out by cybercrime gang BianLian.

NCSC-NL Says Hack of Citrix NetScaler Flaw Also Targeted Critical Infrastructure
A preliminary assessment by the Dutch NCSC into a suspected Russian hacking campaign has concluded that more than one group likely carried out the May breach of the country’s law enforcement network. Investigators say hacks of Citrix NetScaler flaw also targeted critical infrastructure.

CEO Altman Promises Fixes to 'Way Dumber' Performance, Transparency Amid Glitches
When OpenAI unveiled GPT-5, the company promised a smarter, faster AI at a bargain price. But day-one glitches prompted some users to call for a return to GPT-4. The company’s CEO apologized for the problems as OpenAI cut its pricing model and set up a potential large language model price war.

$150 Million Stolen From Victims and Laundered, Allege Federal Prosecutors
Four Ghanian nationals have been charged with stealing more than $100 million by perpetrating romance scams and business email compromises against U.S. organizations, as well as laundering the stolen proceeds. Three of the suspects have been extradited to the United States to stand trial.

NIST's Apostol Vassilev Explains Need for Dynamic Response, Not Static Testing
As AI models grow in scale and power, leading to even more unpredictable outcomes, security teams are grappling with how to defend technologies that some experts can't begin to fully comprehend. Cyber response teams are exploring the practice of continuous red teaming, said NIST's Apostol Vassilev.

Tokio Marine HCC Targets Vulnerabilities Before They’re Exploited
With ransomware incidents at record highs, Tokio Marine HCC integrates dark web monitoring, vulnerability scanning and incident data into its underwriting process to help clients close gaps and lower the chance of costly breaches.

What Makes Timely and Accurate Breach Reporting So Difficult for Some Organizations?
An Illinois-based brokerage firm that works with employers, businesses and consumers to obtain various types of insurance coverage is notifying nearly 156,000 people that their protected health information was compromised in a data theft hack that occurred more than a year ago. Why the delay?

ENISA's Laura Heuvinck Shares Index Findings, Implications for EU Cybersecurity
In the latest EU Cybersecurity Index, member states scored an average of 64.51 out of 100, reflecting a moderately strong level of preparedness for cyber incidents. ENISA's Laura Heuvinck breaks down the findings and key areas for improving Europe's cybersecurity posture.

Telecom May Face Up to $2.22 Million Per Violation in Fines
The Australian privacy watchdog sued Optus, saying the country's second largest telecom failed for years to protect sensitive customer data breached during a September 2022 incident affecting nearly 10 million people. The regulator said Optus faces a potential fine of up to AU$21.9 trillion.

CEO Nick Schneider Says Cylance Integration Expands Security Platform Value
Roughly half of clients adopting Aurora endpoint security are replacing older, legacy endpoint solutions, while the other half are swapping out or augmenting next-gen endpoint tools, said CEO Nick Schneider. Arctic Wolf's security operations in Cylance's technology has created a unified platform delivering more than standalone endpoint protection.

CEO Yevgeny Dibrov Says Otorio Acquisition Positions Armis for Strong Growth
Armis CEO Yevgeny Dibrov outlines how the Otorio acquisition is driving OT security advances, enabling on-prem deployments and secure remote access. He also details AI's role in defense, Nvidia collaborations and upcoming products to expand the cyber exposure management suite.

Also: US Cyber Grants Are Dwindling; Hybrid Threats Renew Focus on OT Resilience
In this week’s update, four ISMG editors examined the voice phishing attacks linked to the Google and Cisco breaches, the funding gap in U.S. cybersecurity support for local governments and the implications of hybrid warfare on operational technology resilience.

Firm Says Latest Model Hallucinates Less, Scores Better on Benchmarks
OpenAI's unveiling of its latest and newest model arrived wrapped in the big-claim language now standard in the generative artificial intelligence race. The company calls GPT-5 its "smartest, fastest, most useful model yet," but in 2025, those superlatives are table stakes.

Lawmakers Demand Answers From UHG Amid New Breach and Growing Fallout
When you've been the victim of the largest health data breach in U.S. history, and you've been under intense public and regulatory scrutiny for months, the last thing you want to do is to report another major breach less than a year after the last one. But that just happened to UnitedHealth Group.

Chipmaker Argues Against Growing Interest in US to Require New Security Measures
Artificial intelligence chip-making powerhouse Nvidia is rejecting claims from China’s top cyber agency that its H20 chips include location tracking and kill-switch features - while warning U.S. lawmakers against requiring those capabilities in future chip designs.

Also: Ukrainian Hackers Find Evidence of Russian Child Abduction
This week, a Chinese duo arrested in Los Angeles for illegal artificial intelligence chip exports back to China, France extradited an accused Nigerian hacker, Ukraine hacked Crimean servers, Florida prison email leak, Tea App clone exposed users’ IDs.

4 Bugs Affecting at Least 6,500 Camera Servers Enable Pre-Auth Attacks on Devices
Researchers who uncovered four severe flaws in Axis Communications' video management and camera software say thousands of internet-connected surveillance systems are vulnerable to remote attacks. Attackers can execute arbitrary code without authentication.

ShinyHunters May Have Struck Again
Airlines Air France and KLM said they suffered a data breach involving a third-party service storing customer data. The alert comes as the ShinyHunters extortion group continues to target Salesforce-using organizations and trick them into sharing direct access to their customer data.